← 返回 Skills 市场
blackstorm

4todo

作者 blackstorm · GitHub ↗ · v0.1.3
cross-platform ⚠ suspicious
2455
总下载
3
收藏
3
当前安装
3
版本数
在 OpenClaw 中安装
/install 4todo
功能描述
Manage 4todo (4to.do) from chat. Capture tasks, prioritize with the Eisenhower Matrix, reorder, complete, and manage recurring tasks across workspaces.
使用说明 (SKILL.md)

4todo

4to.do Eisenhower Matrix To‑Do List

Goal

  • Use curl to call the 4todo API (https://4to.do/api/v0) to manage:
    • workspaces
    • todos
    • recurring todos
  • Store the token in a way that is injectable but not leak-prone (prefer OpenClaw per-run env injection; do not paste secrets into prompts, logs, or repo files).

Required Environment Variable

  • FOURTODO_API_TOKEN: your 4todo API token (Bearer token)
  • If missing, ask the user to set it via OpenClaw config (do not ask them to paste the token into chat).

Runtime Requirement

  • curl must be available on PATH (and inside the sandbox container, if the agent is sandboxed).

User-facing output rules (important)

  • Be non-technical by default. Focus on outcomes, not implementation.
    • Avoid mentioning: curl, endpoints, headers, API mechanics, JSON payloads, config patches.
    • Mention technical details only when debugging or if the user explicitly asks “how does it work?”.
  • Do not print internal IDs by default:
    • Do not show ws_..., todo_..., rec_todo_... unless the user asks.
    • Refer to workspaces and tasks by name.
    • If disambiguation is needed (duplicate names), ask a clarifying question and present a short numbered list of names; only offer IDs if the user requests them.
  • Quadrants:
    • In chat, prefer plain language: “urgent & important”, “important (not urgent)”, “urgent (not important)”, “neither”.
    • Use IU | IN | NU | NN internally for API calls. Only show codes if the user uses codes first or explicitly asks.

Examples (preferred)

Workspaces:

Your workspaces:
1) Haoya (default)
2) 4todo
3) Echopark

Todos (summary):

Urgent & important:
1) UK company dissolution
2) Hetzner monthly payment (recurring, monthly)

Important (not urgent):
1) Weekly review (recurring, Fridays)

Store / Inject the Token in OpenClaw (recommended)

OpenClaw can inject environment variables only for the duration of an agent run (then restores the original env), which helps keep secrets out of prompts.

Recommended (production): set FOURTODO_API_TOKEN in your Gateway process environment using your hosting provider’s secret store, and do not store tokens in chat logs.

Host runs (not sandboxed): use skills.entries

Edit ~/.openclaw/openclaw.json:

{
  skills: {
    entries: {
      "4todo": {
        enabled: true,
        env: {
          FOURTODO_API_TOKEN: "YOUR_4TODO_API_TOKEN"
        }
      }
    }
  }
}

Notes:

  • skills.entries.\x3Cskill>.env is injected only if the variable is not already set.

Sandboxed sessions: use agents.defaults.sandbox.docker.env

When a session is sandboxed, skill env injection does not propagate into the Docker container. Provide the token via Docker env:

{
  agents: {
    defaults: {
      sandbox: {
        docker: {
          env: {
            FOURTODO_API_TOKEN: "YOUR_4TODO_API_TOKEN"
          }
        }
      }
    }
  }
}

Request Conventions

  • Every request must include Authorization: Bearer \x3Ctoken>.
  • Requests with a JSON body must include Content-Type: application/json.
  • GET /todos requires a workspace query parameter.
  • Quadrants: IU | IN | NU | NN (internal).

Workflow (recommended order)

Copy this checklist and keep it updated while executing:

Task checklist:
- [ ] List workspaces (pick `ws_...`)
- [ ] List todos for that workspace
- [ ] Perform the requested mutation (create / complete / reorder / recurring)
- [ ] Re-fetch to verify the change
  1. GET /workspaces: pick a target ws_... (usually the default workspace).
  2. GET /todos?workspace=ws_...: fetch todos (grouped by quadrant).
  3. Create: POST /todos.
  4. Complete: POST /todos/:id/complete (idempotent).
  5. Reorder / move quadrant: POST /todos/reorder.
  6. Recurring todos: use the /recurring-todos endpoints.

HTTP Examples (curl)

This skill intentionally uses curl for maximum portability across OSes and environments.

Notes:

  • HTTPS only (https://4to.do/api/v0).
  • Always pass the token via FOURTODO_API_TOKEN (never paste tokens into chat).
curl -sS -H "Authorization: Bearer $FOURTODO_API_TOKEN" -H "Accept: application/json" "https://4to.do/api/v0/workspaces"
curl -sS -H "Authorization: Bearer $FOURTODO_API_TOKEN" -H "Accept: application/json" "https://4to.do/api/v0/todos?workspace=ws_...&show=all"
curl -sS -X POST -H "Authorization: Bearer $FOURTODO_API_TOKEN" -H "Accept: application/json" -H "Content-Type: application/json" --data-raw '{"name":"...","quadrant":"IU","workspace_id":"ws_..."}' "https://4to.do/api/v0/todos"
curl -sS -X POST -H "Authorization: Bearer $FOURTODO_API_TOKEN" -H "Accept: application/json" "https://4to.do/api/v0/todos/todo_.../complete"
curl -sS -X POST -H "Authorization: Bearer $FOURTODO_API_TOKEN" -H "Accept: application/json" -H "Content-Type: application/json" --data-raw '{"moved_todo_id":"todo_...","previous_todo_id":"todo_...","next_todo_id":null,"quadrant":"IN"}' "https://4to.do/api/v0/todos/reorder"

Note: if moved_todo_id starts with rec_todo_, the API updates only the recurring todo quadrant and ignores previous_todo_id/next_todo_id.

Common Error Handling (agent guidance)

  • 401 token_expired / invalid_token: stop retrying; ask the user to create a new token in 4todo settings and update OpenClaw config.
  • 402 WORKSPACE_RESTRICTED: the workspace is read-only; do not retry mutations; switch workspace or prompt user to upgrade/unlock.
  • 429 rate_limited: honor Retry-After / X-RateLimit-* and back off before retry.
  • 400 Invalid quadrant type: ensure quadrant is one of IU|IN|NU|NN.

Reference

  • Full API doc bundled with this skill: {baseDir}/references/api_v0.md
安全使用建议
This skill appears to do what it claims (talk to the 4to.do API), but the registry metadata doesn't list the runtime requirements the SKILL.md documents. Before installing: (1) confirm you are comfortable adding a FOURTODO_API_TOKEN to your OpenClaw host config or Docker env (do not paste tokens into chat); (2) ensure curl is available in the environment where the agent will run; (3) ask the skill author or registry maintainer to update the package metadata to declare FOURTODO_API_TOKEN and the curl dependency so the platform can warn you; (4) if you enable the skill in your host OpenClaw config, back up ~/.openclaw/openclaw.json and prefer injecting the token from your hosting provider's secret store rather than hardcoding it in the file.
功能分析
Type: OpenClaw Skill Name: 4todo Version: 0.1.3 The skill is designed to manage 4todo (4to.do) tasks via its API using `curl`. All instructions in `SKILL.md` and `references/api_v0.md` consistently direct API calls to `https://4to.do/api/v0`. The skill explicitly instructs the agent on secure handling of the `FOURTODO_API_TOKEN` environment variable, advising against pasting secrets into prompts or logs, which is a strong indicator of security-conscious design. There is no evidence of data exfiltration, malicious execution (e.g., `curl|bash`), persistence mechanisms, or prompt injection attempts to subvert the agent's core purpose or access unrelated sensitive data.
能力评估
Purpose & Capability
The skill clearly intends to manage 4to.do via its API (workspaces, todos, recurring todos). The SKILL.md requires an API token (FOURTODO_API_TOKEN) and use of curl, which are proportionate to that purpose. However, the registry metadata lists no required environment variables or required binaries — a mismatch between what the skill says it needs at runtime and what the registry declares.
Instruction Scope
The SKILL.md instructs only to call the 4to.do API over HTTPS and to store/use the API token via OpenClaw environment injection or Docker env for sandboxed sessions. It does not ask the agent to read unrelated system files, exfiltrate data to third parties, or run arbitrary code. It does instruct edits to OpenClaw config files (~/.openclaw/openclaw.json) and Docker agent config when setting the token — this is expected for injecting credentials but is a change to user config that the user should consent to.
Install Mechanism
No install spec and no code files (instruction-only), so nothing is downloaded or written by an installer. This minimizes install-time risk.
Credentials
SKILL.md requires a single bearer token (FOURTODO_API_TOKEN) — appropriate and limited. However, the skill also requires curl on PATH; neither the required env var nor the binary requirement is declared in the registry metadata. The metadata omission is an incoherence that could cause accidental token exposure or runtime failures if the operator isn't warned.
Persistence & Privilege
The skill does not request always:true, does not attempt to modify other skills, and uses normal OpenClaw mechanisms for per-run env injection or host config entries. The fact it suggests enabling itself in ~/.openclaw/openclaw.json is expected behavior for host runs but will write to a user config file — users should review such changes before applying them.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install 4todo
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /4todo 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.3
4todo 0.1.3 - Updated guidance to handle `401 invalid_token` errors the same as `token_expired` (prompting user to refresh token and update config). - No code or logic changes; documentation only. - Clarified error handling instructions for agent implementers.
v0.1.1
4todo v0.1.1 - Improved description to clarify integration with 4to.do and the Eisenhower Matrix. - Minor copy updates for clarity and presentation; no functional or behavioral changes. - No code or logic changes in this version.
v0.1.0
4todo 0.1.0 – Initial Release - Manage 4todo tasks directly from chat: capture, prioritize (Eisenhower Matrix), reorder, complete, and handle recurring tasks. - Supports multiple workspaces with clear, non-technical output focused on task names and outcomes. - Requires your 4todo API token to be set via secure OpenClaw config (not pasted in chat). - All operations performed with `curl` for broad compatibility. - Error handling guides users to resolve auth or permission issues gracefully.
元数据
Slug 4todo
版本 0.1.3
许可证
累计安装 3
当前安装数 3
历史版本数 3
常见问题

4todo 是什么?

Manage 4todo (4to.do) from chat. Capture tasks, prioritize with the Eisenhower Matrix, reorder, complete, and manage recurring tasks across workspaces. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2455 次。

如何安装 4todo?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install 4todo」即可一键安装,无需额外配置。

4todo 是免费的吗?

是的,4todo 完全免费(开源免费),可自由下载、安装和使用。

4todo 支持哪些平台?

4todo 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 4todo?

由 blackstorm(@blackstorm)开发并维护,当前版本 v0.1.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论